I was able to move a group under other groups using POST /{realm}/groups/{id}/children endpoint. However, I can't move the group back to top level.
I can't find any endpoint to do that in the API reference: https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_groups_resource
One weird workaround that came to my mind was deleting and re-creating the group. But then, user relationships will be lost, I'm afraid.
How can I move a group to top?
Use POST /{realm}/groups method with group id in request body to move a group to the root. If you get 500 error pass name attribute as well. Keycloak uses provided group name to verify that no other group with the same name exists in top level.
POST https://keycloak/admin/realms/master/groups
{
"id": "6018073e-1556-4795-9ab9-c22be2615f16",
"name": "Group Name"
}
Related
Lets say I have a social media app. There is a Group model that has a field called invitedUsers which is simply an array of user ids that are a part of that group.
On my backend I have a route that a user hits to join that Group. In that route I do something like the following:
group.invitedUsers = lodash.concat(group.invitedUsers || [], userId)
group.save()
where group is the group that the user wants to join and userId is the id of the user that wants to join the group. Upon save everything is updated properly and the user is now a part of the group.
But what happens if two users hit the route at exactly the same time? How does MongoDB ensure that the group will always have both users ids added via the above method. Is there not a chance that group.invitedUsers could be referencing a stale value if both these group.save() are being triggered around the same time?
I am trying to create Servicenow incident ticket using REST API. Here is the link and body:
https://<mydomain>.service-now.com/api/now/table/incident and body:
{
"short_description":"testing short description",
"assignment_group":"Software",
"urgency":"Medium",
"impact": "Low",
"caller_id":"John Doe",
"description":"testing description"
}
Incident ticket is getting created with all fields populated as requested except assignment_group and description fields. I know these are reference fields. I tried all combination but information is not getting populated for these two fields. Any one has any suggestions? I tried for assignment_group the sys_id value also like "assignment_group":"4ikilo9f1bb43740ddfa315bcd4kmj89" and "assignment_group":{"sys_id":"4ikilo9f1bb43740ddfa315bcd4kmj89"} etc.
pass the id of the assignment group within the API call than directly giving the name of the group, this worked for me :)
I am trying to access a group id of a specific group from keycloak. What I found is like there is no REST Api call is available for access this one. You can refer here http://www.keycloak.org/docs-api/3.0/rest-api/index.html#_groups_resource. This shows that you can access all group details or specific group details only by using their Id's. Actually what I actually need is I want to access only the id of the specific group. Can anyone let me know how to do this?
You can write it like this:
GET http://localhost:your_port/auth/admin/realms/your_realm_name/groups?search=name_of_the_group
it will return {id, name, path, subGroups} to you..
My Postman Example
The documentation you're using is pretty old. Take a look at the documentation for the latest release:
https://www.keycloak.org/docs-api/4.8/rest-api/#_groups_resource
You can provide a "search" parameter to look for groups by name.
Unfortunately, if you use the name of a subGroup, it returns the entire hierarchy starting from the top-level group, so the API for groups is still problematic.
One way is to enter keycloak admin panel. Then in the Groups option, select a group. Finally you will find the group id in the URL. Like /realms/Applications/groups/bc49dc6c-7c2a-40c4-bf60-fea8c2b1d562
You can get a list of all groups:
GET /admin/realms/{realm}/groups
The response will have group properties including id.
[
{
"id": "8ge163b3-6kc7-40ed-x069-3309eabbcbea",
"name": "group1",
"path": "/group1",
"subGroups": []
}
]
This might come a bit late, but anyway.
There is also the GET /{realm}/group-by-path/{path} endpoint which will return only the group that you desire since path is unique.
Also if someone needs (and since this isn't actually documented, or at least not as of the writing of this answer) if you want to call this endpoint from the admin-cli you can do it as follows:
./kcadm.sh get group-by-path/{path} --realm {realm}
ex.: ./kcadm.sh get group-by-path/parent_group/child_group/grand_child_group --realm realm1
We're converting all SP permissions into ActiveDirectory groups (one per uninherited object, per role level). I wanted the group names to reflect where the permissions were/are, so I assigned each group with a name that matched the site structure:
sitecollection|site|list|Full Control
Active Directory had issues with the pipes and the potential length, so I reconfigured everything to use the description of the Active Directory object instead. The actual CN of the group is -someNumber- (-1-,-2-, etc).
I ran across an interesting phenomena while adding the groups into SharePoint under the same role level; I had to start the groups at 1000 else the EnsureUser couldn't find the group no matter what.
$web.EnsureUser('c:0-.f|myprovider|-1-') says it doesn't exist, whereas $web.EnsureUser('c:0-.f|myprovider|-1000-') does just fine.
Is there some sort of limitation to the number of characters a SAM Account Name / Principal Name must be when being searched by SharePoint?
You need to include the Domain name in EnsureUser - Domain\Username
Or you can just add i:0#.f|myprovider| to the username so it looks like i:0#.f|myprovider|myuser and pass the result into EnsureUser. In my case "myprovider" is the name of my custom membership provider.
Here is a group A. I want to extract the members' group information as the training data set.
For example, group A has a list of 400 members and each member joins a number of different groups.
How can I get the members' information from the group? Can I get members' information by simply using the group id?
You can query the group endpoint using the graph api...
https://graph.faecbook.com/GROUP_ID/members
This will return (quoting facebook docuemntation) :
All of the users who are members of this group (can only currently return the first 500 members).
You will have to use a valid access token and you will only be able to retrieve one if you are administering the group.